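/**
 * Adds {@code username} to the project identified by {@code projectKey} with the single role
 * {@code roleKey}.
 *
 * <p>The inviting user must be logged in and must be able to recover the project secret from
 * the project's {@link SecretStore}; that secret is handed to the repository so the new member
 * gets their own copy.
 *
 * @return the {@link ProjectEntity} the user was added to
 * @throws CliException if the role is missing, the project does not exist, or the caller
 *     cannot recover the project secret (the message treats this as "not a member")
 * @throws RepositoryException on repository failures
 * @throws IOException on I/O failures
 */
@Override
public Object runCommand() throws RepositoryException, IOException {
    // Validate cheap, local input first so a bad role does not cost a login and a repository
    // round-trip before being rejected.
    if (Strings.isNullOrEmpty(roleKey)) {
        throw new CliException("Role is required");
    }
    RoleId role = new RoleId(roleKey);

    UserDatabase userRepository = getContext().getUserRepository();
    // loginDirect() presumably unlocks the caller's key, which getSecretFromUser() needs below.
    UserEntity me = getContext().loginDirect();

    ProjectEntity project = userRepository.findProjectByKey(projectKey.getKey());
    if (project == null) {
        throw new CliException("Project not found: " + projectKey.getKey());
    }

    SecretStore secretStore = new SecretStore(project.secretData);
    CryptoKey projectSecret = secretStore.getSecretFromUser(me);
    if (projectSecret == null) {
        // No secret for this user: reported as a membership problem, matching the message.
        String msg = "Cannot retrieve project secret.";
        msg += " Is " + me.key + " a member of " + project.getName() + "?";
        throw new CliException(msg);
    }

    userRepository.addUserToProject(username.getKey(), project.getName(), projectSecret,
            Collections.singletonList(role));
    return project;
}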
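/**
 * Resolves the user that presented the given certificate chain and, when {@code project} is
 * given, that user's membership and roles in the project.
 *
 * <p>Requires system access. Neither the user nor the project is unlocked here: a certificate
 * chain carries no secret material, so the response holds identity and role information only
 * and no token is issued.
 *
 * @param project optional project key to check membership against; {@code null} skips the
 *     project section of the response
 * @param chain the certificate chain presented by the client
 * @return the validation response; never {@code null}
 */
@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project,
        CertificateChainInfo chain) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }

    UserEntity userEntity = null;
    try {
        // unlock=false: we have no secret material to unlock the user with.
        userEntity = userAuthenticator.findUserFromKeychain(chain, false);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    // An unrecognised chain is reported as 404, like every other not-found case below.
    if (userEntity == null) {
        throw404NotFound();
    }

    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    // response.access.token is deliberately left unset for certificate-chain authorization.

    if (project != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(project);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }

        // Note that we do not unlock the user / project; we don't have any secret material.
        // TODO: We could return stuff encrypted with the user's public key.

        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            // Previously logged as "Error while fetching project", which hid which lookup failed.
            log.warn("Error while fetching user project membership", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }

        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}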
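/**
 * Creates a new project named {@code projectKey}, owned by the logged-in user.
 *
 * @return the created {@link ProjectEntity}
 * @throws CliException if the name contains the reserved marker {@code @@}
 * @throws RepositoryException on repository failures
 */
@Override
public Object runCommand() throws RepositoryException {
    // Reject reserved names before logging in: the check needs no repository or key access,
    // and it avoids unlocking the user key for a request that will be refused anyway.
    if (projectKey.contains("@@")) {
        throw new CliException("Project names with @@ are reserved for system uses");
    }

    UserDatabase userRepository = getContext().getUserRepository();
    // We need to login to unlock the user key so we can encrypt the project key!
    UserEntity me = getContext().loginDirect();

    return userRepository.createProject(projectKey, me);
}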
/**
 * Signs the certificate signing request in {@code request} with the CA of the named project.
 *
 * <p>Requires system access. The project secret is not recovered from any user here: the
 * caller supplies it serialized in {@code request.projectSecret} and it is installed on the
 * project entity before signing. No per-user membership or owner check is performed (the
 * original source carried such a check, token based, only as commented-out code), so
 * authorization rests on system access plus possession of the project secret.
 *
 * @param request project key, serialized project secret and the CSR to sign
 * @return the signed certificates as PEM strings
 */
@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }

    ProjectEntity project = null;
    try {
        project = userAuthenticator.findProject(request.project);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching project", e);
        throwInternalError();
    }
    if (project == null) {
        throw404NotFound();
    }

    // Note that we do not unlock the user / project; we don't have any secret material.
    // The secret is taken from the request instead.
    // TODO: We could return stuff encrypted with the user's public key.
    CryptoKey projectSecret = FathomdbCrypto.deserializeKey(request.projectSecret);
    project.setProjectSecret(projectSecret);

    List<X509Certificate> signed = null;
    try {
        signed = pki.signCsr(project, request.csr);
    } catch (OpsException e) {
        log.warn("Error while signing CSR", e);
        throwInternalError();
    }

    SignCertificateResponse response = new SignCertificateResponse();
    response.certificates = Lists.newArrayList();
    for (X509Certificate certificate : signed) {
        response.certificates.add(CertificateUtils.toPem(certificate));
    }
    return response;
}
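/**
 * Validates a token and, when {@code project} is given, the token owner's membership and roles
 * in that project.
 *
 * <p>Requires system access. Unlike certificate-chain authorization, a token lets the project
 * be unlocked with the user, so the project secret is checked before membership is reported.
 *
 * @param checkToken the token to validate
 * @param project optional project key; {@code null} skips the project section of the response
 * @return the validation response including the token id and expiry; never {@code null}
 */
@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken,
        @QueryParam("project") String project) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }

    TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
        throw404NotFound();
    }

    UserEntity userEntity = null;
    try {
        userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    // A token that decodes but no longer resolves to a user must be treated as unknown rather
    // than passed to the mapping below (which the original did, risking a 500 instead of 404).
    if (userEntity == null) {
        throw404NotFound();
    }

    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    response.access.token = new Token();
    response.access.token.expires = checkTokenInfo.expiration;
    response.access.token.id = checkToken;

    if (project != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(project);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }

        // Unlock the project with the user's key and check the recovered secret; a user who
        // cannot unlock the project is reported the same way as a missing project.
        projectEntity.unlockWithUser(userEntity);
        if (!projectEntity.isSecretValid()) {
            throw404NotFound();
        }

        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            // Previously logged as "Error while fetching project", which hid which lookup failed.
            log.warn("Error while fetching user project membership", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }

        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}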